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A SYSTEM AND METHOD FOR ALERTING COMPUTER 
USERS OF DIGITAL SECURITY INTRUSIONS 

BACKGROUND OF THE INVENTION 

5 1 . Field of the Invention. 

The present invention relates to a system and method for monitoring and 
alerting remote client users of digital intrusions of their computers by host 
servers. In particular, the present invention relates to a system and method for 
monitoring, by a remote client, actions taken by host servers relating to 

10 information about the remote client and alerting the remote client preferably 
with graphical alerts when a digital intrusion or a breach of security occurs 
during a network connection, such as a connection to the Internet, with the host 
server. 



15 2. Related Art. 

The Internet, via the World Wide Web (WWW), is a graphical and 
interactive computer environment for conducting electronic commerce, 
commonly referred to as e-commerce, between remote parties. Typically, a 
remote client user interacts with information located on a host server via a WWW 

20 browser. The browser enables the remote client user to graphically interact with 
the server. Since numerous remote clients can have access to a given host 
server, personalized interaction with each remote client, via their browser, is 
desired. Hence, self contained digital tracking components operating in WWW 
computer environments (such as the commonly referred to cookies ) can be 

25 associated with each respective WWW browser program being used by each 
remote client. 

Browser cookies are a common method used by host server WWW sites 
to gather information about a remote client requestor (remote client browser user) 
during a browser usage session. A browser cookie association with the remote 
30 client can be established by either having the host server site send a cookie to 
the client browser during a visit to the host server or by having a previously 
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created cookie that resides on the client s browser retrieved by the host server 
site. The cookies themselves are usually stored in a small binary file that holds 
information specific to the server host site that created them. 

Typically, the cookies include personal information related to the client 
5 user, such as the users name, address and other identifying indicia. For 

e-commerce purposes, cookies make filling out purchase forms easier because 
it requires gathering information only once from a particular client. As such, on 
return visits, the host server site can retrieve the cookie associated with the 
particular client and automatically fill the form out with the particular clients 

10 previously gathered information. The cookies can also contain links that were 
visited by the particular client on the site of the host server. Cookies are usually 
specific to a site of a particular host server and reside on the clients computer in 
a memory location, such as a cache directory, for easy and quick access. 

However, cookie use by clients and servers can present a security hole for 

15 the client. For example, personal and private information about a particular client, 
where the client has visited and what the client did at the server site, with a host 
created cookie, can present a privacy breach. Namely, unscrupulous host server 
sites, not necessarily the host server site that created the cookie, can access and 
read all cookies of a particular client when the client unknowingly accesses the 

20 unscrupulous host server site. This is a problem because the cookies can 

contain private information about the particular client and the unscrupulous host 
server can sell this information or use it to violate a client s privacy. 

Although several safety functions that are integrated with WWW browsers 
exist, they are not efficient and do not potentially identify unscrupulous server 

25 sites. For example, one integrated safety function is an on/off switch to either 
allow or disallow all cookie functionality so that host severs cannot originate or 
retrieve cookies. This is cumbersome and inefficient because many honest and 
law abiding sites require cookies. If the switch were disabled, the client would 
not be able to access many legitimate server sites. Therefore, what is needed is 

30 a system and method that will provide pertinent information to the client to allow 
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the client to make an informed decision whether or not to allow certain sites to 
retrieve the client s cookies. What is also needed is a system and method that 
uses a graphical alert device for detecting suspect cookie retrieval by server sites 
without unduly interrupting the WWW browsing process. 

5 

SUMMARY OF THE INVENTION 
To overcome the limitations in the prior art described above, and to 
overcome other limitations that will become apparent upon reading and 
understanding the present specification, the present invention is embodied in a 

10 system and method for monitoring and alerting remote client users of digital 
intrusions of their computers by host servers. 

In general, the present invention monitors actions taken by host servers 
relating to information about the remote client and displays graphical alerts to 
the user when a digital intrusion or a breach of security occurs during a network 

15 connection, such as a connection to the Internet, with the host server. It should 
be noted that although the alert is preferably a graphical alert, it can be any 
suitable alert, such as an audible alert or a combination audible/visual alert. 

Specifically, the present invention monitors certain aspects of the remote 
client user s interaction with host servers. Based on certain interactions, such 

20 as an attempt by the host server to retrieve information unrelated to the current 
host session, the remote client user can be provided with a graphical alert. This 
allows the remote client user to make an informed decision whether or not to 
allow certain host server sites to retrieve the client users personal information. 
Typically, personal information about the remote client user is located in 

25 a self-contained digital tracking component or packet of information residing on 
the remote client. The digital tracking component can be a WWW browser 
cookie defined by a binary file or similar component residing in a memory 
location, such as a memory cache of the remote client. As such, during WWW 
browsing by the remote client user, the system and method of the present 

30 invention detects and monitors cookie retrieval by host servers and then 
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graphically alerts the remote client user of any suspicious cookie retrieval by 
server sites without unduly interrupting the WWW browsing process. 

The user can designate the definition of what constitutes a suspicious 
retrieval. A typical example would be a first host site attempting to retrieve 
5 cookies generated and used by a second host site. Or, another example of 
suspicious behavior by a host site is any cookie retrieval or implantation by a 
host site when no WWW activity has been requested by the client in a 
reasonable period of time. For example, a host site may be snooping or 
implanting virus cookies in the background and without the knowledge of the 

10 remote client user during a visit or mere viewing of the site. The present 
invention monitors and alerts the client user of the above activity to prevent 
security breaches by host server sites. 

The present invention as well as a more complete understanding thereof 
will be made apparent from a study of the following detailed description of the 

15 invention in connection with the accompanying drawings and appended claims. 

BRIEF DESCRIPTION OF THE DRAWINGS 
Referring now to the drawings in which like reference numbers represent 
corresponding parts throughout: 
20 FIG. 1 illustrates a conventional hardware configuration for use with the 

present invention. 

FIG. 2 is a block diagram showing further details of selected components 
of a network system implementing the present invention; 

FIG. 3 is a sample user interface illustrating a working example of the 
25 present invention operating in a computer environment; and 

FIG. 4 is flowchart illustrating the operation of the invention. 

DETAILED DESCRIPTION OF THE INVENTION 
In the following description of the invention, reference is made to the 
30 accompanying drawings, which form a part hereof, and in which is shown by way 
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of illustration a specific example in which the invention may be practiced. It is to 
be understood that other embodiments may be utilized and structural changes 
may be made without departing from the scope of the present invention. 

5 I. Introduction 

The preferred embodiments may be practiced in any suitable hardware 
configuration that uses a networked connection, such as computing system 100 
illustrated in FIG. 1 or, alternatively, in a laptop or notepad computing system. 
Computing system 100 includes any suitable central processing unit 1 10, such 

10 as a standard microprocessor, and any number of other objects interconnected 
via system bus 112. For purposes of illustration, computing system 100 includes 
memory, such as read only memory (ROM) 116, random access memory (RAM) 
1 14, and peripheral memory devices (e.g., disk or tape drives 120) connected to 
system bus 1 12 via I/O adapter 118. Computing system 100 further includes a 

15 display adapter 136 for connecting system bus 1 12 to a conventional display 
device 138. Also, user interface adapter 122 could connect system bus 1 12 to 
other user controls, such as keyboard 124, speaker 128, mouse 126, and a 
touchpad (not shown). 

One skilled in the art readily recognizes how conventional computers and 

20 computer programs operate, how conventional input device drivers communicate 
with an operating system, and how a user conventionally utilizes a input devices 
to initiate the manipulation of objects in a graphical user interface. 

A graphical user interface (GUI) and operating system (OS) of the 
preferred embodiment reside within a computer-readable media and contain 

25 device drivers that allows one or more users to initiate the manipulation of 
displayed object icons and text on a display device. Any suitable 
computer-readable media may retain the GUI and operating system, such as 
ROM 116, RAM 114, disk and/or tape drive 120 (e.g., magnetic diskette, 
magnetic tape, CD-ROM, optical disk, or other suitable storage media). 
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In the preferred embodiments, the COSE.TM. (Common Operating 
System Environment) desktop GUI interfaces the user to the AIX. TM. operating 
system. The GUI may be viewed as being incorporated and embedded within the 
operating system. Alternatively, any suitable operating system or desktop 
5 environment could be utilized. Examples of other GUIs and/or operating systems 
include X1 1 TM. (X Windows) graphical user interface, Sun's Solaris.TM. 
operating system, and Microsoft's Windows 95TM. operating system. While the 
GUI and operating system merely instruct and direct CPU 110, for ease in 
explanation, the GUI and operating system will be described as performing the 
10 following features and functions. 

II. General Overview of the Components 

FIG. 2 is a block diagram showing further details of selected components 
of a network system implementing the present invention. A representative 

15 system in which the present invention is implemented is illustrated in FIG. 1. A 
client machine 210 is connected to a Web server platform 212 via a 
communication channel 214. For illustrative purposes, channel 214 is the 
Internet, an intranet or other known network connection. Web server platform 
212 is one of a plurality of servers that are accessible by clients, one such client 

20 being illustrated by machine 210. A representative client machine includes an 
operating system 21 1 , a graphical user interface 213, and a browser 216. A 
browser is a known software tool used to access the servers of a network, such 
as the Internet. Representative browsers include, among others, Netscape 
Navigator, Microsoft Internet Explorer or the like, each of which are "off-the-shelf 

25 or downloadable software programs. 

The Web server platform (sometimes referred to as a "Web" site) supports 
files in the form of hypertext documents and objects. Although any suitable 
platform can be used, one representative Web server platform 212, comprises an 
IBM RISC System/6000 computer 218 running the AIX (Advanced Interactive 

30 Executive) Operating System 220 and a Web server program 222, such as 
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Netscape Enterprise Server Version 2.0, that supports interface extensions. The 
platform 212 also includes a graphical user interface (GUI) 224 for management 
and administration. The various models of the RISC-based computers are 
described in many publications of the IBM Corporation, for example, RISC 
5 System 6000, 701 3 and 7016 POWERstation and POWERserver Hardware 
Technical Reference, Order No. SA23-2644-00. 

AIX OS is described in AIX Operating System Technical Reference, 
published by IBM Corporation, First Edition (November 1985), and other 
publications. While the above platform is useful, any other suitable 

10 hardware/operating system/Web server combinations may be used. 

When a remote client user 210 wishes to connect to a particular host 
server 212, such as a WWW server, the user typically requests access by 
specifying the name of the desired host server. In many cases, self-contained 
digital tracking components 230 (hereinafter referred to as browser cookies ) 

15 associate a client user with information about the client 210 via the WWW 
browser. A browser cookie association with the remote client 210 can be 
established by either having the host server site 212 send a cookie 230 to the 
client browser during a visit the host server or by having a previously created 
cookie that resides on the clients browser 21 6 be retrieved by the host server 

20 site. The cookies 230, 232 themselves are usually stored in a small binary file 
that holds information specific to the server host site that created them and can 
also contain personal information about the client user. The cookies typically 
reside on the remote client and are stored in computer readable memory of the 
remote client, such as a cookie cache to allow quick and easy access to the 

25 cookies during interaction with host servers. 

The cookies 230, 232 can change depending on the usage of the client 
210 or program in a given computer environment. For example, in a networking 
environment, the cookie 230 can be a dynamic message generated and given by 
a server 212 to the client 210 based on information associated with the client 

30 210. The client 210 stores the message, for example, in a binary or a text cookie 
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file 232. The cookie 232 can then be sent back to the server 212 each time the 
client's 210 computer requests a page from the server 212. 

The main purpose of cookies is to identify clients and possibly prepare 
customized Internet or World Wide Web (WWW) pages for the clients. For 

5 instance, when a particular client enters a WWW site and cookies are used, the 
client may be asked to fill out a form providing client information, such as name, 
interests, private account data, client indicia, etc. This information can be 
packaged into a cookie and sent to the client's computer. The cookie can be 
accessible by any suitable computer program, such as a WWW browser, which 

10 stores it for later use. Each time the client enters the same WWW site that sent 
the cookie, the clients WWW browser will send the cookie to that server. The 
server can then use this information to present the client with custom WWW 
pages. As such, for example, instead of seeing just a generic welcome page, the 
client might see a welcome page with the client's name and other information 

15 related to the client, such as private account information. 

However, cookie use by clients and servers can present a security hole for 
the client. For example, personal and private information about a particular client, 
where the client has visited and what the client did at the server site, with a host 
created cookie, can present a privacy breach. Namely, unscrupulous host server 

20 sites, not necessarily the host server site that created the cookie, can access and 
read all cookies of a particular client when the client unknowingly accesses the 
unscrupulous host server site. Because the cookies can contain private 
information about the particular client and the unscrupulous host server can sell 
this information or use it to violate a client s privacy, this is a problem that the 

25 present invention solves. 



III. Details of the Operation 

FIG. 3 is a sample user interface illustrating a working example of the 
present invention operating in a computer environment. The following 
30 discussion describes a working example of the present invention as a software 
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implementation operating in a computer environment. The GUI 213 can provide 
a viewing and interactive area for the browser 216. The browser can be a 
WWW browser and have browsing function buttons 310 and a browsing 
viewing area 315 for allowing a remote client user to access and interact with 
5 host servers via the World Wide Web of the Internet. 

The WWW browser 216 can also have a monitoring and alert function 
320 that monitors actions taken by host servers relating to information about the 
remote client and alerts the remote client with actions taken by the host server. 
For instance, a digital intrusion can occur when a host server with a particular 

10 domain and URL attempts to take a cookie that was not originated by that 

particular domain or URL. The alert function can notify the remote client when 
the digital intrusion or the breach of security occurs during a network 
connection, such as a connection to the Internet, with the host server. The 
notification can be any suitable notification, such as a visual alert, including a 

15 change to the user interface, an audible alert or message or a combination 
audible/visual alert. 

Preferably, the monitoring and alert function 320 is a graphical display 
located at the bottom or to the side of the WWW browser 216 that displays, in 
symbolic format, the various cookies that the remote client has residing in a 

20 memory location, such as the cookie cache. In operation, when the remote 
client visits or attaches to a WWW host server site, the monitoring and alert 
function 320 can be activated. During data communication between the host 
server and remote client, the monitoring and alert function 320 can monitor the 
cookie activity between the remote client and the host server. The monitoring 

25 and alert function 320 can monitor the cookie symbols in the cookie cache of 
the remote client and, if a cookie is requested by the server, determine which 
cookies have the same domain name as the host server site that is requesting 
the cookies. If the domain name is the same the remote client user can be 
alerted with a safe symbol or display. For example, the monitoring and alert 
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function 320 can have a portion of the display turn to a solid, safe color, such as 
blue. 

However, while the remote client user is connected to a host server site 
and there are requests to transfer cookies from other domain names, the 
5 monitoring and alert function 320 can have symbolic cache images that start 
flashing red colors. This red alert display can inform the remote client that a 
particular host server is trying to take cookies from the remote clients browser 
cookie cache that are not associated with the host server. The monitoring and 
alert function 320 then provides the remote client user with several immediate 

10 options. One option includes stopping data transfer between the remote client 
and the host server that is attempting to take cookies that are not associated or 
that were not created by that host server. Another option is to provide the client 
user with an option to allow the host server to retrieve that particular cookie. 
Also, the monitoring and alert function 320 optionally can immediately exit the 

15 browser program to prevent the cookie theft. Further, even if the host server 
that is attempting to take a particular cookie is associated with the cookie or 
created the cookie, the client user has the option of not allowing the host server 
to the particular cookie. 

In addition, the monitoring and alert function 320 also allows 

20 immediate and easy access to vital cookie information relating to each 
cookie in the cookie cache with graphical display access. For example, 
when a remote client selects or double clicks on each display device or icon of 
the cookie cache, the remote user can see vital information (domain name, 
cookie name, etc.) associated with that cookie. 

25 As a result, the present invention is a more efficient way of allowing 

regular transactions (cookie exchange to occur) without having to request 
permission for every cookie transmission. Further, the present invention is a 
fast visual way of monitoring and detecting cookie access and a way of 
preventing irregular or illegal requests for cookies that certain host server sites 

30 may attempt to perform when they have no reason to request such information. 
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Although plug-in software is available that allows remote clients to remove or 
flush all cookies or even masquerade a remote clients identification, these 
plug-ins are not as efficient as the present invention because they often prevent 
or hinder normal and smooth network transactions from occurring. In contrast, 
5 the present invention can utilize a graphical display device for monitoring, 

detecting and preventing suspect cookie retrieval by server sites without unduly 
interrupting and hindering the WWW browsing process. 

Fig. 4 is flowchart illustrating the operation of the invention. In a preferred 
embodiment, first, a remote client connects with a host server and creates a data 

10 communication link between the two (step 400). Second, the remote client 

monitors requests by the host server to access data residing on the remote client 
(step 410). Third, it is determined whether the domain name of host server 
matches the domain name associated with data that server is requesting (step 
412). If the data does not match, the remote client is alerted of the data 

15 mismatch and the request by the host server to access data not associated with 
that particular server (step 414). Next, it is determined whether the remote client 
wants to allow the host server access to the data not associated with that server 
(step 416). If the remote client does not want to allow access to the data, the 
host sever is prevented from accessing the data (step 418). If the remote client 

20 wants to allow access to the data or the data matches from step 412, the host 

server is allowed access to the data and the data is communication link between 
the remote client and the host server is continued (step 420). 

The foregoing description of the invention has been presented for the 
purposes of illustration and description. It is not intended to be exhaustive or to 

25 limit the invention to the precise form disclosed. Many modifications and 
variations are possible in light of the above teaching. It is intended that the 
scope of the invention be limited not by this detailed description, but rather by 
the claims appended hereto. 



11 



IBM Docket No. AUS9-2000-0323-US1 



Patent Application 



WHAT IS CLAIMED IS: 

1 . A computer-readable medium having computer-executable 

instructions for performing a process, the process comprising: 

monitoring access by a host server of digital tracking components 
5 residing on a remote client during digital communication between the remote 
client and the host server; and 

providing an alert to the remote client when the host server 
requests one or more of the digital tracking components that contains 
information that is not associated with the host server. 

10 

2. The computer-readable medium for performing a process of claim 
1 , wherein the information is information about the remote client that is 
associated with other host servers. 

15 3. The computer-readable medium for performing a process of claim 

1, wherein the information that is not associated with the host server making 
the request contains confidential information. 

4. The computer-readable medium for performing a process of claim 
20 1 , wherein the alert is a visual alert. 

5. The computer-readable medium for performing a process of claim 
1, wherein the alert is an audible alert. 

25 6. The computer-readable medium for performing a process of claim 

1, wherein the remote client communicates with the host server via a networked 
connection. 

7. The computer-readable medium for performing a process of claim 
30 6, wherein the networked connection is a World Wide Web Internet connection. 
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8. The computer-readable medium for performing a process of claim 

7, wherein the method operates within a World Wide Web browser. 

5 

9. The computer-readable medium for performing a process of claim 

8, wherein the digital tracking component is a cookie that is used by the World 
Wide Web browser. 

10 10. The computer-readable medium for performing a process of claim 

1, further comprising displaying in symbolic format the digital tracking 
components that the remote client has residing in a memory location. 

11. In a computer system having a connection between a remote 
15 client and a host server, a method of protecting the remote client from 

digital intrusions, the method comprising: 

monitoring access by host servers of digital tracking components 
of the remote client; and 

providing an alert to the remote client when a request of a 
20 particular digital tracking component by a particular host server is made if the 
particular host server is not associated with the requested digital tracking 
component. 

12. The method of claim 1 1 , wherein the remote client includes a 
25 graphical user interface including a display and a user interface selection 

device for providing the alerts. 
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13. The method of claim 1 1 , wherein the alerts are provided as 
audible alerts. 

14. The method of claim 12, wherein the alerts are provided by 

5 displaying the alert via the user interface to the remote client to indicate a 
request of a particular digital tracking component by a particular host 
server and whether the particular host server is associated with the 
requested digital tracking component. 

10 15. The method of claim 14, wherein the connection between the 

remote client and the host server is a World Wide Web Internet connection. 

16. A computer security system for preventing host servers from 
taking inappropriate self-contained packets of information residing on a remote 

15 client, the system comprising: 

a monitor module that monitors requests by the host servers of the 
self-contained packets of information residing on a remote client during digital 
communication between the remote client and the host server; and 

a notify module that provides a notification to the remote client 
20 when a particular host server requests one or more of the self-contained 

packets of information that contains information that is not associated with the 
particular host server. 

17. The computer security system of claim 16, wherein the 
25 notification is a visual alert. 

18. The computer security system of claim 16, wherein the alert is 
an audible alert. 
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19. The computer security system of claim 16, wherein the monitor 
and notify modules operate within a World Wide Web browser and the 
self-contained packets of information are cookies. 

5 

20. The computer security system of claim 19, wherein the notify 
module displays in symbolic format the cookies that the remote client has 
residing in a memory location. 

10 21 . A method of transacting data between a first and a second 

computer, comprising: 

monitoring data requests from the first computer by the second 

computer; 

determining whether the second computer should have access to 
15 the data requested; and 

preventing the second computer from accessing the data if it is 
determined that the second computer should not have access to the data. 

22. The method of claim 21 , wherein the transaction of data occurs 
20 over the Internet. 

23. The method of claim 22, wherein the data is a digital tracking 
component. 

25 24. The method of claim 23, wherein the transaction of data occurs 

within a World Wide Web browser environment and the digital tracking 
component is a cookie. 
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25. A computer-readable medium having computer-executable 
instructions for performing a process for transacting data between a first and a 
second computer, the process comprising: 

monitoring data requests from the first computer by the second 

5 computer; 

determining whether the second computer should have access to 
the data requested; and 

preventing the second computer from accessing the data if it is 
determined that the second computer should not have access to the data. 

10 

26. The computer-readable medium for performing a process of claim 
25, wherein the transaction of data occurs over the Internet. 

27. The computer-readable medium for performing a process of claim 
15 26, wherein the data is a digital tracking component. 

28. The computer-readable medium for performing a process of claim 
27, wherein the transaction of data occurs within a World Wide Web browser 
environment and the digital tracking component is a cookie. 

20 

29. A computer security system for preventing inappropriate 
transaction of data between a first and a second computer, the system 
comprising: 

a monitor module that monitors data requests from the first 
25 computer by the second computer; 

an access module that determines whether the second computer 
should have access to the data requested; and 

a prevent module that prevents the second computer from 
accessing the data if it is determined that the second computer should not have 
30 access to the data. 
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30. The computer security system of claim 29, wherein the transaction 
of data occurs over the Internet. 

5 31 . The computer security system of claim 30, wherein the data is a 

digital tracking component. 

32. The computer security system of claim 31 , wherein the transaction 
of data occurs within a World Wide Web browser environment and the digital 
10 tracking component is a cookie. 
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A SYSTEM AND METHOD FOR ALERTING COMPUTER 
USERS OF DIGITAL SECURITY INTRUSIONS 

ABSTRACT OF THE INVENTION 
5 The present invention is embodied in a system and method for 

monitoring and alerting remote client users of digital intrusions of their 
computers by host servers. In general, the present invention monitors actions 
taken by host servers relating to information about the remote client and 
displays graphical alerts when a digital intrusion or a breach of security occurs 

10 during a network connection, such as a connection to the Internet, with the host 
server. Specifically, the present invention monitors certain aspects of the 
remote client users interaction with host servers. Based on certain interaction, 
such as an attempt by the host server to retrieve non-related information about 
the remote client, the remote client user can be provided with a graphical alert. 

15 This allows the remote client user to make an informed decision whether or not 
to allow certain host server sites to retrieve the client user s personal 
information. 
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DECLARATION AND POWER OF ATTORNEY FOR 
PATENT APPLICATION 

As a below named inventor, I hereby declare that: 

My residence, post office address and citizenship are as stated below next to my name; 

I believe I am the original, first and sole inventor (if only one name is listed below) or an 
original, first and joint inventor (if plural names are listed below) of the subject matter which is claimed 
and for which a patent is sought on the invention entitled 

A SYSTEM AND METHOD FOR ALERTING COMPUTER USERS OF DIGITAL 
SECURITY INTRUSIONS 

the specification of which (check one) 
X is attached hereto. 



was filed on 

as Application Serial No. 

and was amended on 

(if applicable) 

I hereby state that I have reviewed and understand the contents of the above identified specification, 
including the claims, as amended by any amendment referred to above. 

I acknowledge the duty to disclose information which is material to the patentability of this application 
in accordance with Title 37, Code of Federal Regulations, Sec. 1.5 6. 

I hereby claim foreign priority benefits under Title 35, United States Code, Sec. 1 19 of any foreign 
application(s) for patent or inventor's certificate listed below and have also identified below any foreign 
application for patent or inventor's certificate having a filing date before that of the application on which 
priority is claimed: 

Prior Foreign Application(s) : Priority Claimed 

Yes 

No 

(Number) (Country) (Day/Month/Year) 

I hereby claim the benefit under Title 35, United States Code, 120 of any United States application(s) 
listed below and, insofar as the subject matter of each of the claims of this application is not disclosed in 
the prior United States application in the manner provided by the first paragraph of Title 35, United 
States Code, Sec.l 12, 1 acknowledge the duty to disclose information material to the patentability of this 
application as defined in Title 37, Code of Federal Regulations, Sec. 1.56 which occurred between the 
filing date of the prior application and the national or PCT international filing date of this application: 



(Application Serial #) 



(Filing Date) 
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(Status) 
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I hereby declare that all statements made herein of my own knowledge are true and that all statements 
made on information and belief are believed to be true; and further that these statements were made 
with the knowledge that willful false statements and the like so made are punishable by fine or 
imprisonment, or both, under Section 1 001 of Title 1 8 of the United States Code and that such willful 
false statements may jeopardize the validity of the application or any patent issued thereon. 

POWER OF ATTORNEY: As a named inventor, I hereby appoint the following attorneys and/or agents 
to prosecute this application and transact all business in the Patent and Trademark Office connected 
therewith. 



John W. Henderson, Jr., Reg. No. 26,907; James H. Barksdale, Jr., Reg. No. 24,091; Thomas E. Tyson, 
Reg. No. 28,543; Robert M. Carwell, Reg. No. 28,499; Jeffrey S. LaBaw, Reg. No. 31,633; Douglas H. 
Lefeve, Reg. No. 26,193; Casimer K. Salys, Reg. No. 28,900; David A. Mims, Jr., Reg. No. 32,708; Mark 
E. McBurney, Reg. No. 33,1 14; Anthony V. England, Reg. No. 35,129; Volel Emile, Reg. No. 39,969; 
Leslie A. Van Leeuwen, Reg. No. 42,196; Christopher A. Hughes, Reg. No. 26,914; Edward A. 
Pennington, Reg. No. 32,588; John E. Hoel, Reg. No. 26,279; Joseph C. Redmond, Jr., Reg. No. 18,753; 
Marilyn S. Dawkins, Reg. No. 31,140; and Edmond A. DeFrank, Reg. No, 37,814. 



Send correspondence to: 

Edmond A. DeFrank 
19803 Ahwanee Lane 
Northridge, CA 91326 

and direct all telephone calls to Volel Emile (512) 823-1005. 




FULL NAME OF SOLE OR FIRST INVENTC 
INVENTOR SIGNATt 

RESIDENCE: 1 1 04 Forest Oaks Path 
Cedar Park, TX 78621 

CITI ZENSFflP: U.S. Citizen 

POST OFFICE ADDRESS: Same as Above 



ptt Allen Carroll 



DATE: //^\ )LJ ? d&<fi> 



FULL NAME OF SECOND INVENTOR: William Alton Fiveash 

INVENTOR SIGNATURE: /Utf^dftUfc*jl DATE: ?/Tl?*<>0 

RESIDENCE: 4603 Finley Drive 

Austin, Texas 78731 

CITIZENSHIP: U.S. Citizen 

POST OFFICE ADDRESS: Same as Above 
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FULL NAME OF THIRD INVENTOR: Gerald Francis McBr^arty 

7- // ^l_Odrr=> 




INVENTORS SIGNATURE: ^c^ c^r / —^ / DATE: 

RESIDENCE: 1 0709 Bayridge Cove 
Austin, Texas 78759 

CITI ZENSHIP: U.S. Citizen 
POST OFFICE ADDRESS: Same as Above 




FULL NAME OF FOURTH INVENTOR:, Shawn Patri 



INVENTORS SIGNATURE: 



RESIDENCE: 39 Country Oaks 
Buda,TX 78610 

CITI ZENSHIP: U.S. Citizen 



DATE: 




7/coao 



POST OFFICE ADDRESS: Same as Above 



FULL NAME OF FIFTH INVENTOR: Johnny Meng-Han Shieh 



INVENTORS SIGNATURE: 



DATE: 7/7/-3&2D 



RESIDENCE: 12201 An wwoofrDrfve {J^qIIm ^ 

Austin, TX TOT- ^ ^ ^ .^J^ 

CITI ZENSHIP: U.S. Citizen 

POST OFFICE ADDRESS: Same as Above 
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